Patents by Inventor Jiyong Jang
Jiyong Jang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12045713Abstract: A method, apparatus and computer program product to protect a deep neural network (DNN) having a plurality of layers including one or more intermediate layers. In this approach, a training data set is received. During training of the DNN using the received training data set, a representation of activations associated with an intermediate layer is recorded. For at least one or more of the representations, a separate classifier (model) is trained. The classifiers, collectively, are used to train an outlier detection model. Following training, the outliner detection model is used to detect an adversarial input on the deep neural network. The outlier detection model generates a prediction, and an indicator whether a given input is the adversarial input. According to a further aspect, an action is taken to protect a deployed system associated with the DNN in response to detection of the adversary input.Type: GrantFiled: November 17, 2020Date of Patent: July 23, 2024Assignee: International Business Machines CorporationInventors: Jialong Zhang, Zhongshu Gu, Jiyong Jang, Marc Philippe Stoecklin, Ian Michael Molloy
-
Publication number: 20240211746Abstract: Safety verification for reinforcement learning can include receiving a policy generated by deep reinforced learning, where the policy is used in acting in an environment having a set of states. Responsive to determining that the policy is a non-deterministic policy, the non-deterministic policy can be decomposed into a set of deterministic policies. Responsive to determining that a state-transition function associated with the set of states is unknown, the state-transition function can be approximated at least by training a deep neural network and transforming the deep neural network into a polynomial. Using a constraint solver the policy with the state-transition function can be verified. Runtime shielding can be performed.Type: ApplicationFiled: December 22, 2022Publication date: June 27, 2024Inventors: Kevin Eykholt, Wenbo Guo, Taesung Lee, Jiyong Jang
-
Publication number: 20240210008Abstract: A method of designing an optical system including a dome light and coaxial light, includes: determining a distance between the dome light and the coaxial light based on a radius reduction according to a hole of the dome light; determining a size of the coaxial light based on an optical path of a light ray emitted from the coaxial light; and determining a structure of a printed circuit board (PCB) in the dome light based on an optical path through which the light ray emitted from the coaxial light is reflected by an object.Type: ApplicationFiled: March 6, 2024Publication date: June 27, 2024Applicants: SAMSUNG ELECTRONICS CO., LTD., SEOUL NATIONAL UNIVERSITY R&DB FOUNDATIONInventors: Yeoreum YOON, Byoungho LEE, Hanjin CHO, Yongsung KIM, Taeeun KIM, Siwoo LEE, Jiyong JANG
-
Publication number: 20240119347Abstract: A computer-implemented method according to one embodiment includes training a bidirectional encoder representations from transformers (BERT) model to generate a software representation. An intermediate representation (IR) of a software package is input to the trained BERT model, and a software representation corresponding to the software package is received as output from the trained BERT model. A computer program product according to another embodiment includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and/or executable by a computer to cause the computer to perform the foregoing method. A system according to another embodiment includes a processor, and logic integrated with the processor, executable by the processor, or integrated with and executable by the processor. The logic is configured to perform the foregoing method.Type: ApplicationFiled: October 7, 2022Publication date: April 11, 2024Inventors: Soyeon Park, Dhilung Kirat, Sanjeev Das, Douglas Lee Schales, Taesung Lee, Jiyong Jang
-
Patent number: 11947956Abstract: A method, system and apparatus for software intelligence as-a-service, including decomposing software into functional blocks to provide a software genome, building a representation of the software genome in a knowledge graph linking granularities of the functional blocks, and identifying issues with a target software based on the knowledge graph.Type: GrantFiled: March 6, 2020Date of Patent: April 2, 2024Assignee: International Business Machines CorporationInventors: Jiyong Jang, Dhilung Kirat, Marc Philippe Stoecklin
-
Publication number: 20240104221Abstract: A method to test an OS kernel interface, such as an eBPF helper function. The interface has a grammar that defines the kernel interface. Testing is carried out using eBPF code that invokes and tests the interface using a fuzzing engine. To facilitate the process, additional user space code is configured to generate at least one kernel event that triggers the eBPF code to run, and to transform inputs from the fuzzing engine according to the grammar that defines the kernel interface. After loading the eBPF code into the OS kernel, the user space code issues the kernel event that causes the eBPF code to run. In response, and as the fuzzing engine executes, the eBPF code records arguments sent to the OS kernel through the kernel interface. The arguments are passed through a data structure shared by the eBPF code and the user space code. By recording the arguments and other diagnostic information, the security of the kernel interface is evaluated.Type: ApplicationFiled: September 23, 2022Publication date: March 28, 2024Applicant: International Business Machines CorporationInventors: Anthony Saieva, Frederico Araujo, Sanjeev Das, Michael Vu Le, Jiyong Jang
-
Patent number: 11936661Abstract: A cloud based implemented method (and apparatus) includes receiving input data including bipartite graph data in a format of source MAC (Media Access Control) address data versus destination IP (Internet Protocol) data and timestamp information, and providing the input bipartite graph data into a first processing to detect malicious beaconing activities using a lockstep detection module on the input bipartite graph data, as executed in a cloud environment, to detect possible synchronized attacks against a targeted infrastructure.Type: GrantFiled: December 30, 2020Date of Patent: March 19, 2024Assignee: Kyndryl, Inc.Inventors: Jiyong Jang, Dhilung Hang Kirat, Bum Jun Kwon, Douglas Lee Schales, Marc Philippe Stoecklin
-
Patent number: 11847555Abstract: A neural network is augmented to enhance robustness against adversarial attack. In this approach, a fully-connected additional layer is associated with a last layer of the neural network. The additional layer has a lower dimensionality than at least one or more intermediate layers. After sizing the additional layer appropriately, a vector bit encoding is applied. The encoding comprises an encoding vector for each output class. Preferably, the encoding is an n-hot encoding, wherein n represents a hyperparameter. The resulting neural network is then trained to encourage the network to associated features with each of the hot positions. In this manner, the network learns a reduced feature set representing those features that contain a high amount of information with respect to each output class, and/or to learn constraints between those features and the output classes. The trained neural network is used to perform a classification that is robust against adversarial examples.Type: GrantFiled: December 4, 2020Date of Patent: December 19, 2023Assignee: International Business Machines CorporationInventors: Kevin Eykholt, Taesung Lee, Ian Michael Molloy, Jiyong Jang
-
Patent number: 11822673Abstract: Program analysis is provided. An intermediate representation of a program is generated. A set of structured inputs is provided to the program. The set of structured inputs are derived from the intermediate representation. The program is executed using the set of structured inputs. A set of action steps is performed in response to observing a violation of a policy during execution of the program using the structured inputs.Type: GrantFiled: August 5, 2021Date of Patent: November 21, 2023Assignee: International Business Machines CorporationInventors: Frederico Araujo, William Blair, Sanjeev Das, Jiyong Jang
-
Patent number: 11818145Abstract: An automated technique for security monitoring leverages a labeled semi-directed temporal graph derived from system-generated events. The temporal graph is mined to derive process-centric subgraphs, with each subgraph consisting of events related to a process. The subgraphs are then processed to identify atomic operations shared by the processes, wherein an atomic operation comprises a sequence of system-generated events that provide an objective context of interest. The temporal graph is then reconstructed by substituting the identified atomic operations derived from the subgraphs for the edges in the original temporal graph, thereby generating a reconstructed temporal graph. Using graph embedding, the reconstructed graph is converted into a representation suitable for further machine learning, e.g., using a deep neural network. The network is then trained to learn the intention underlying the temporal graph.Type: GrantFiled: December 9, 2019Date of Patent: November 14, 2023Assignee: International Business Machines CorporationInventors: Xiaorui Pan, Xiaokui Shu, Dhilung Hang Kirat, Jiyong Jang, Marc Philippe Stoecklin
-
Publication number: 20230315847Abstract: An approach for detection of malware is disclosed. The approach involves the use of using IR level analysis and embedding of canonical representation on a suspecting sample of software code. The approach can be applied to both malicious and benign software. Specifically, the approach includes converting a binary code to an IR (intermediate representation), canonicalizing the IR into a canonical IR, extracting one or more similarity representation based on the extracted features and comparing the one or more similarity representation to known malware.Type: ApplicationFiled: March 30, 2022Publication date: October 5, 2023Inventors: Dhilung Kirat, Jiyong Jang, Ian Michael Molloy, Josyula R. Rao
-
Publication number: 20230319090Abstract: An automated method for processing security events. It begins by building an initial version of a knowledge graph based on security information received from structured data sources. Using entities identified in the initial version, additional security information is then received. The additional information is extracted from one or more unstructured data sources. The additional information includes text in which the entities (from the structured data sources) appear. The text is processed to extract relationships involving the entities (from the structured data sources) to generate entities and relationships extracted from the unstructured data sources. The initial version of the knowledge graph is then augmented with the entities and relationships extracted from the unstructured data sources to build a new version of the knowledge graph that consolidates the intelligence received from the structured data sources and the unstructured data sources. The new version is then used to process security event data.Type: ApplicationFiled: June 5, 2023Publication date: October 5, 2023Inventors: Youngja Park, Jiyong Jang, Dhilung Hang Kirat, Josyula R. Rao, Marc Philippe Stoecklin
-
Patent number: 11748473Abstract: An intrusion detection system (IDS) for a micro-services environment identifies attacks in substantially real-time and at a container-level. In this approach, behavior models are generated from container images using a binary analysis. A behavior model is a graph data structure having nodes and edges, wherein an edge represents a system call made by at least one process represented as a node in the graph data structure. The model is co-located with a running container, thereby enabling detection of anomalies as the container executes in a container environment on a hardware node. A per-container IDS function is instantiated by checking whether system call telemetry generated by an image's running container satisfies the associated behavior model that has been generated for the container image. If the telemetry indicates activity that deviates from the behavior model, an automated action is then initiated to attempt to address the attack, preferably while it is in progress.Type: GrantFiled: October 15, 2020Date of Patent: September 5, 2023Assignee: International Business Machines CorporationInventors: Frederico Araujo, Teryl Paul Taylor, Jiyong Jang, Will Blair
-
Patent number: 11728977Abstract: An encoder includes a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to generate a key, estimate a network capacity, and encode each bit of the key using a random matrix of a selected rank and the estimated network capacity for secure transmission of the key through a network.Type: GrantFiled: September 27, 2019Date of Patent: August 15, 2023Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Xin Hu, Wentao Huang, Jiyong Jang, Theodoros Salonidis, Marc Ph Stoecklin, Ting Wang
-
Publication number: 20230169176Abstract: A processor-implemented method generates adversarial example objects. One or more processors represent an adversarial input generation process as a graph. The processor(s) explore the graph, such that a sequence of edges on the graph are explored. The processor(s) create, based on the exploring, an adversarial example object, and utilize the created adversarial example object to harden an existing process model against vulnerabilities.Type: ApplicationFiled: November 28, 2021Publication date: June 1, 2023Inventors: TAESUNG LEE, KEVIN EYKHOLT, DOUGLAS LEE SCHALES, JIYONG JANG, IAN MICHAEL MOLLOY
-
Patent number: 11632393Abstract: Malware is detected and mitigated by differentiating HTTP error generation patterns between errors generated by malware, and errors generated by benign users/software. In one embodiment, a malware detector system receives traffic that includes HTTP errors and successful HTTP requests. Error traffic and the successful request traffic are segmented for further analysis. The error traffic is supplied to a clustering component, which groups the errors, e.g., based on their URI pages and parameters. During clustering, various statistical features are extracted (as feature vectors) from one or more perspectives, namely, error provenance, error generation, and error recovery. The feature vectors are supplied to a classifier component, which is trained to distinguish malware-generated errors from benign errors. Once trained, the classifier takes an error cluster and its surrounding successful HTTP requests as inputs, and it produces a verdict on whether a particular cluster is malicious.Type: GrantFiled: October 16, 2020Date of Patent: April 18, 2023Assignee: International Business Machines CorporationInventors: Jialong Zhang, Jiyong Jang, Marc Philippe Stoecklin
-
Publication number: 20230088676Abstract: A method to detect anomalous behavior in a computing system begins by training a graph neural network (GNN) in an unsupervised manner by applying contrastive representation learning on sets of positive samples and negative samples derived from one or more heterogeneous graphs using meta-path sampling. Following training, a temporal graph derived from system-generated events is received. The GNN is used to embed the temporal graph into a vector representation in a vector space. The trained GNN is also used to embed a set of attack pattern graphs into corresponding vector representations in the vector space. For anomaly detection, the representation corresponding to the temporal graph is compared to the representations corresponding to the attack pattern graphs. In one embodiment, the comparison is implemented using a fuzzy pattern matching algorithm. If a fuzzy match is found, an indication that the temporal graph is associated with a potential attack on the computing system is then output.Type: ApplicationFiled: September 20, 2021Publication date: March 23, 2023Applicant: International Business Machines CorporationInventors: Dongdong She, Xiaokui Shu, Kevin Eykholt, Jiyong Jang
-
Publication number: 20230044951Abstract: Program analysis is provided. An intermediate representation of a program is generated. A set of structured inputs is provided to the program. The set of structured inputs are derived from the intermediate representation. The program is executed using the set of structured inputs. A set of action steps is performed in response to observing a violation of a policy during execution of the program using the structured inputs.Type: ApplicationFiled: August 5, 2021Publication date: February 9, 2023Inventors: Frederico Araujo, William Blair, Sanjeev Das, Jiyong Jang
-
Patent number: 11533325Abstract: Unknown and reference signatures are accessed. The unknown and reference signatures indicate patterns that correspond to known threats to resources (such as computer systems and/or computer networks) in a computer environment and comprise a multitude of descriptive elements having information describing different aspects of a corresponding signature. A set of similarity measures is created of the unknown and reference signatures from different perspectives, each perspective corresponding to a descriptive element. The set of similarity measures are integrated to generate an overall similarity metric. The overall similarity metric is used to find appropriate categories in the reference signatures into which the unknown signatures should be placed. The unknown signatures are placed into the appropriate categories to create a mapping from the unknown signatures to the reference signatures.Type: GrantFiled: February 4, 2021Date of Patent: December 20, 2022Assignee: International Business Machines CorporationInventors: Xin Hu, Jiyong Jang, Douglas Lee Schales, Marc Philippe Stoecklin, Ting Wang
-
Patent number: 11520939Abstract: USB traffic is intercepted between a USB device and a computer system. It is determined whether the USB device has previously had a policy associated with it as to whether USB traffic from the device should be blocked, allowed, or sanitized. In response to not having a previous policy for the USB device, a request is made for a user to be prompted to provide a policy of one of block, allow, or sanitize for the USB device. In response to a user-provided-policy, one of the following are performed: blocking the traffic, allowing the traffic, or sanitizing the traffic between the USB device and the computer system. Apparatus, methods, and computer program products are disclosed.Type: GrantFiled: March 17, 2017Date of Patent: December 6, 2022Assignee: International Business Machines CorporationInventors: Anton Beitler, Jiyong Jang, Dhilung Hang Kirat, Anil Kurmus, Matthias Neugschwandtner, Marc Philippe Stoecklin